Author Posts

July 31, 2018 at 5:18 pm

I have started a script that finds all user accounts that are service accounts (their password never expire):

$CorpSvcAccts = Get-ADUser -filter * -Properties PasswordNeverExpires |
    select name,PasswordNeverExpires,MemberOf | Where-Object {$_.PasswordNeverExpires -like "True"}
        
 foreach ($SvcAccts in $CorpSvcAccts)   {
    select memberOf -ExpandProperty memberOf $_. ??

 }

...but wish to THEN discover if they are part of a Group called ServiceAccts. I want to export those results. Maybe one column that shows the User account that are TRUE (have membership) and another column that shows FALSE.

I basically want to see each of the user accounts that have pwd set to never expire and if they're in the Security Group or not, exported.

Thank you

July 31, 2018 at 7:30 pm

You like to make it harder than needed, don't you? 😉

$DesiredGroup = Get-ADGroup -Identity 'Name of the Group' | Select-Object -ExpandProperty DistinguishedName
Get-ADUser -Filter "PasswordNeverExpires -eq '$true'" -Properties PasswordNeverExpires,MemberOf |
    Select-Object -Property Name,PasswordNeverExpires,
    @{
        Name='GroupMember';
        Expression={If($_.MemberOf -contains $DesiredGroup){$True}Else{$false}}
    }

July 31, 2018 at 8:43 pm

Well, I certainly don't intend to but it may appear that way to you. It's a slow learning curve for me.